Return-Path: 
 <users-return-7283-apmail-httpd-users-archive=httpd.apache.org@httpd.apache.org>
Delivered-To: apmail-httpd-users-archive@httpd.apache.org
Received: (qmail 50344 invoked by uid 500); 17 May 2002 00:19:54 -0000
Mailing-List: contact users-help@httpd.apache.org; run by ezmlm
Precedence: bulk
Reply-To: users@httpd.apache.org
list-help: <mailto:users-help@httpd.apache.org>
list-unsubscribe: <mailto:users-unsubscribe@httpd.apache.org>
list-post: <mailto:users@httpd.apache.org>
Delivered-To: mailing list users@httpd.apache.org
Received: (qmail 50332 invoked from network); 17 May 2002 00:19:54 -0000
Received: from unknown (HELO caustic.oddprocess.org) (209.50.139.90)
  by daedalus.apache.org with SMTP; 17 May 2002 00:19:54 -0000
Received: from matt by caustic.oddprocess.org with local (Exim 3.35 #1
 (Debian))
	id 178VDP-0003TH-00; Thu, 16 May 2002 20:03:23 -0400
Date: Thu, 16 May 2002 20:03:23 -0400
From: Matthew Daubenspeck <matt@oddprocess.org>
To: users@httpd.apache.org, Dummy <evolution@prodigy.net.mx>
Subject: Re: .htaccess file retrieved by browser
Message-ID: <20020517000323.GA13313@oddprocess.org>
References: <002e01c1fd37$969af1d0$fc00a8c0@evolution.com.mx>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <002e01c1fd37$969af1d0$fc00a8c0@evolution.com.mx>
User-Agent: Mutt/1.3.28i
X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N

<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

Try that in httpd.conf

On Thu, May 16, 2002 at 07:12:51PM -0500, Dummy wrote:
> Hello folks,
> 
> I've rented a FreeBSD 4.4 virtual server with Apache/1.3.12 OpenSSL/0.9.6a
> installed. The providers are a Verio subsidiary (or I think it's Verio
> itself), formerly iServer.com
> 
> The problem I have is I'm able to retrieve with a browser the .htaccess file
> from any directory of my site.
> 
> I tried to perform many web and maillist archives searches, but none of the
> different wordings I chose brought any useful result.
> 
> I've used a .htaccess file to allow directory indexing in a particular
> directory within the site, and the IndexIgnore directive makes this file
> invisible to the browser.
> 
> But when I tried to request the file directly (e.g.
> http://site.com/dir/.htaccess), with surprise I found Apache served the
> file, and I was able to read it as plain text.
> 
> I tested this in some other directories and the result was the same.
> 
> I don't know if this behavior occurs by design, or is a reported bug in
> Apache, or even if it is a particular configuration problem.
> 
> Isn't Apache supposed not to serve this kind of files? Is there some
> httpd.conf directive I can turn on to solve this?
> 
> Because of some hosting clients I have, I strictly need to be able to use
> .htaccess files.
> 
> Thanks in advance,
> Andres Bianciotto
> an 'Argie' in Mexico
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org